#!/usr/bin/python
# encoding: utf-8
#
# Copyright 2014 Greg Neagle.
#
# Licensed under the Apache License, Version 2.0 (the 'License');
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an 'AS IS' BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
keychain
Created by Greg Neagle on 2014-10-15.
Incorporating work and ideas from Michael Lynn here:
https://gist.github.com/pudquick/7704254
"""
import optparse
import os
import sys
from munkilib import munkicommon
from munkilib import keychain
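def main():
    '''Set up Munki's CA certificates and client keychain.

    Parses the command-line options, requires an effective UID of 0,
    collects the server and client certificate settings from
    munkilib.keychain, applies any command-line overrides on top of them,
    and passes the results to keychain.add_ca_certs_to_system_keychain()
    and keychain.make_client_keychain().

    Exits with munkicommon.EXIT_STATUS_ROOT_REQUIRED when not run as root
    and with -1 when stray positional arguments are supplied.

    Security note: this runs as root and, judging by the helper names,
    changes the machine's certificate trust and stores a client identity.
    Whatever --ca_cert_path / --ca_dir_path point at is handed to the
    system-keychain helper unchanged, so those locations should be
    writable only by root and the certificates verified (for example by
    fingerprint) before this tool is run. The file behind
    --client_key_path should likewise be readable only by root.
    '''
    usage = "usage: %prog [options]"
    parser = optparse.OptionParser(usage=usage)
    parser.add_option('--ca_cert_path', help='Path to a CA cert.')
    parser.add_option('--ca_dir_path', help='Path to a directory of CA certs.')
    parser.add_option('--client_cert_path', help='Path to a client cert.')
    parser.add_option('--client_key_path', help='Path to a client key.')
    parser.add_option('--site_url',
                      help='Site URL. '
                           '(Generally the root URL of the munki repo.)')
    options, arguments = parser.parse_args()

    # Keychain changes below need root; refuse early otherwise.
    if os.geteuid() != 0:
        sys.stderr.write('You must run this as root!\n')
        # sys.exit instead of the bare exit() helper: exit() is injected by
        # the site module and is missing when Python starts without it.
        sys.exit(munkicommon.EXIT_STATUS_ROOT_REQUIRED)

    # Only named options are accepted; a stray positional argument is more
    # likely a typo than something to ignore silently.
    if arguments:
        sys.stderr.write('Extra arguments supplied!\n')
        parser.print_usage()
        sys.exit(-1)

    # Start from what Munki itself is configured with.
    # NOTE(review): both helpers are assumed to return mutable dicts --
    # confirm against munkilib.keychain.
    server_cert_data = keychain.get_munki_server_cert_data()
    client_cert_data = keychain.get_munki_client_cert_data()

    # Command-line options override what we find from Munki. The values are
    # stored as given; no existence, ownership or permission check is made
    # here, so any validation has to happen in munkilib.keychain or be done
    # by the operator beforehand.
    if options.ca_cert_path:
        server_cert_data['ca_cert_path'] = options.ca_cert_path
    if options.ca_dir_path:
        server_cert_data['ca_dir_path'] = options.ca_dir_path

    if options.client_cert_path:
        client_cert_data['client_cert_path'] = options.client_cert_path
    if options.client_key_path:
        client_cert_data['client_key_path'] = options.client_key_path
    if options.site_url:
        client_cert_data['site_url'] = options.site_url

    keychain.add_ca_certs_to_system_keychain(server_cert_data)
    keychain.make_client_keychain(client_cert_data)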
# Script entry point: run main() only when this file is executed directly,
# not when it is imported as a module.
if __name__ == "__main__":
    main()